Paris Hilton and you

It didn't require a California law for data-theft victims to be notified after Paris Hilton's phone book hit the Web a week ago. Oh, they knew. Dozens of celebs, ranging from rapper Eminem to tennis babe Anna Kournikova, suffered through hundreds of calls from fans, pranksters and anyone else who found the contents of Hilton's T-Mobile cell phone on the Internet. There were also snapshots, to-do lists and transcripts of Hilton's text-messaging chats. But what caught headlines were the phone numbers of all those poor, beleaguered B-listers, suddenly out there where any nobody with a dialing finger could call them.

C'mon, stop snickering. I'm getting to a serious point here.

See, Hilton thought all that personal data was on her cell phone, tucked safely away in her ... well, wherever she keeps it. But she was wrong. The data's real home was on T-Mobile's servers. Her Sidekick II phone stored the data there automatically, just as it was designed to.

That arrangement means the data won't be lost if the phone is damaged or the batteries die. But it also means that if anyone were to hack into T-Mobile's servers, they'd have access to whatever Hilton put in her phone: pictures, documents, phone numbers, the works.

And T-Mobile's servers have a history of being hacked. In October 2003, intruders got into T-Mobile's customer databases and acquired passwords and other information that, in turn, let the bad guys access customer accounts. Hilton's account information was reportedly compromised at that time.

So was account information for a hotshot U.S. Secret Service agent, Peter Cavicchia. Cavicchia didn't store the numbers of celebrity friends on his phone -- that is, on T-Mobile's servers. He stored material linked to ongoing Secret Service criminal investigations.

According to the New York Daily News, that allowed one or more hackers to access numerous Secret Service documents, including reports, requests for subpoenas and a confidential treaty with Russia.

Cavicchia has since left the Secret Service, which says the security breach didn't compromise any ongoing investigations. And last week 22-year-old Nicholas Jacobsen pleaded guilty to the 2003 T-Mobile break-in. He'll be sentenced in May.

Now think: If a Secret Service agent stored sensitive information on his phone, how many of your users have likely done the same thing? And even if you've warned them to guard their phones carefully, how many have unknowingly stored sensitive company documents or data on a cell phone company's servers, where the only thing standing between that data and hackers is security you have no control over?

You can't protect that information. You don't even know what information is at risk. And your users don't even know it is at risk.

Not snickering now, are you? We're not talking about glitterati inconvenience and embarrassment any more. This is about your job: protecting your company's data.

What can you do? You could ban the use of state-of-the-art cell phones (which won't work). Or you could carefully audit every user's phone account for security (which would add a huge amount of work).

Or you can once again take on the challenge of educating your users. You can explain the risks of storing company data on their phones. And offer guidance about what data is safest to keep on which phones. And encourage them to consult with IT to keep potential problems to a minimum.

Yes, that's still a big job. It will require educating yourself on cell phone risks, too. But if you can get users to understand what's on the line, maybe you can get them to help you keep that data secure instead of fighting you.

After all, you don't really want to end up like Paris Hilton, do you?

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Frank Hayes

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?